search

centreon / centreon-archived

Centreon is a network, system and application monitoring tool. Centreon is the only AIOps Platform Providing Holistic Visibility to Complex IT Workflows from Cloud to Edge.
https://www.centreon.com
GNU General Public License v2.0
575 stars 240 forks source link

ACL issue for Services by hostgroups #7263

Open gslongo opened 5 years ago

gslongo commented 5 years ago

BUG REPORT INFORMATION

Prerequisites

Versions

centreon-plugin-Hardware-Ups-Standard-Rfc1628-Snmp-20190221-145606.el7.centos.noarch centreon-plugin-Applications-Monitoring-Centreon-Database-20190221-145606.el7.centos.noarch centreon-widget-engine-status-18.10.0-9.el7.centos.noarch centreon-widget-live-top10-cpu-usage-18.10.0-6.el7.centos.noarch centreon-plugin-Network-Cisco-Standard-Snmp-20190221-145606.el7.centos.noarch centreon-pp-manager-18.10.4-1.el7.centos.noarch centreon-engine-18.10.0-4.el7.centos.x86_64 centreon-connector-perl-18.10.0-2.el7.centos.x86_64 centreon-widget-hostgroup-monitoring-18.10.0-6.el7.centos.noarch centreon-nrpe-daemon-2.15-4.el7.centos.x86_64 centreon-plugin-Applications-Protocol-Dns-20190221-145606.el7.centos.noarch centreon-plugin-Applications-Protocol-Ldap-20190221-145606.el7.centos.noarch centreon-database-18.10.3-5.el7.centos.noarch centreon-18.10.3-5.el7.centos.noarch centreon-broker-18.10.1-1.el7.centos.x86_64 centreon-widget-service-monitoring-18.10.0-11.el7.centos.noarch centreon-perl-libs-18.10.3-5.el7.centos.noarch centreon-plugin-Applications-Protocol-Http-20190221-145606.el7.centos.noarch centreon-plugin-Applications-Monitoring-Centreon-Map4-Jmx-20190221-145606.el7.centos.noarch centreon-plugin-Hardware-Printers-Generic-Snmp-20190221-145606.el7.centos.noarch centreon-poller-centreon-engine-18.10.3-5.el7.centos.noarch centreon-base-config-centreon-engine-18.10.3-5.el7.centos.noarch centreon-plugin-Applications-Webservers-Tomcat-Jmx-20190221-145606.el7.centos.noarch centreon-broker-core-18.10.1-1.el7.centos.x86_64 centreon-engine-daemon-18.10.0-4.el7.centos.x86_64 centreon-broker-cbd-18.10.1-1.el7.centos.x86_64 centreon-widget-grid-map-18.10.0-6.el7.centos.noarch centreon-widget-httploader-18.10.0-6.el7.centos.noarch centreon-widget-global-health-18.10.0-8.el7.centos.noarch centreon-release-18.10-2.el7.centos.noarch centreon-trap-18.10.3-5.el7.centos.noarch centreon-plugin-Applications-Protocol-Ftp-20190221-145606.el7.centos.noarch centreon-license-manager-common-18.10.2-1.el7.centos.noarch centreon-web-18.10.3-5.el7.centos.noarch centreon-broker-storage-18.10.1-1.el7.centos.x86_64 centreon-engine-extcommands-18.10.0-4.el7.centos.x86_64 centreon-connector-ssh-18.10.0-2.el7.centos.x86_64 centreon-widget-servicegroup-monitoring-18.10.0-6.el7.centos.noarch centreon-nrpe-plugin-2.15-4.el7.centos.x86_64 centreon-plugin-Applications-Databases-Mysql-20190221-145606.el7.centos.noarch centreon-plugin-Operatingsystems-Linux-Snmp-20190221-145606.el7.centos.noarch centreon-plugin-Applications-Monitoring-Centreon-Poller-20190221-145606.el7.centos.noarch centreon-clib-18.10.0-2.el7.centos.x86_64 centreon-widget-host-monitoring-18.10.0-11.el7.centos.noarch centreon-widget-graph-monitoring-18.10.0-6.el7.centos.noarch centreon-common-18.10.3-5.el7.centos.noarch centreon-plugin-Operatingsystems-Windows-Snmp-20190221-145606.el7.centos.noarch centreon-license-manager-18.10.2-1.el7.centos.noarch centreon-broker-cbmod-18.10.1-1.el7.centos.x86_64 centreon-connector-18.10.0-2.el7.centos.x86_64 centreon-widget-live-top10-memory-usage-18.10.0-6.el7.centos.noarch centreon-widget-tactical-overview-18.10.0-6.el7.centos.noarch centreon-plugin-Applications-Monitoring-Centreon-Central-20190221-145606.el7.centos.noarch

Operating System

CentOS 7

Additional environment details (AWS, VirtualBox, physical, etc.):

Description

In an ACL based environnement, we created a user assigned to one poller with limited restrictions to this poller. The user has no hability to update Services by HostGroups. If you got to Services by HostGroups page, any change is denied. However, if you go to Services Status page -> Click on a service (which is a service by hostgroup) -> then click on "configure service", the update is allowed with the ability to change services parameters dans update hosts related to another poller.

Steps to Reproduce

See before

Describe the received result

See before

Additional relevant information (e.g. frequency, ...)

-

gslongo commented 5 years ago

Hi, any news about this bug ? Let me know if some more informations are required

Regards

itsul commented 4 years ago

Hi @gslongo

sure you have not enabled the admin permission for the specific user?

Have you assginged more than one ACL GROUP to the user? If so please be aware the ACLs are cumulative.

Example:

  1. ACL has assigned hostgroup 1 with readonly permission
  2. ACL has assgigned hostgroup 2 with read/write permission

-

  1. User has assigned 1. ACL => Can only view histgroup 1
  2. User has assgigned 1. & 2. ACL => Can view and edit hostgroup 1&2

We opened a bug report some time ago but the answer was "it is by design". So this is Unfortunately no bug.

Regards

msartiaux commented 4 years ago

Hi, continuing @gslongo issue.

The user is not admin and has only one ACL group.

User ACL are configured like this :

Resources Access

[x] Include all hosts [x] Include all hostgroups [x] Include all servicegroups Poller Filter [Only the poller he has access]

Actions Access

Everything is ticked/enabled except

Menus Access

A screenshot is better than text :slightly_smiling_face:

Screenshot from 2019-10-16 11-09-21